the coinductive approach to verifying cryptographic
play

The Coinductive Approach to Verifying Cryptographic Protocols Jesse - PowerPoint PPT Presentation

Feb 04, 2024 •104 likes •1.95k views

The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with Martijn Warnier jesseh@cs.kun.nl University of Nijmegen The Coinductive Approach to Verifying Cryptographic Protocols p.1/27 Outline I.

  1. Analysis It would be nice to know that, if two participants use a protocol, the outcome is good. • No one learns the key they agree to use; • Both of them know the key; The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  2. Analysis It would be nice to know that, if two participants use a protocol, the outcome is good. • No one learns the key they agree to use; • Both of them know the key; • Each is aware the other knows the key. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  3. Analysis It would be nice to know that, if two participants use a protocol, the outcome is good. • No one learns the key they agree to use; • Both of them know the key; • Each is aware the other knows the key. For this, we need an appropriate model in which to reason about the protocols. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  4. Analysis It would be nice to know that, if two participants use a protocol, the outcome is good. • No one learns the key they agree to use; • Both of them know the key; • Each is aware the other knows the key. For this, we need an appropriate model in which to reason about the protocols. We analyze the protocol using a Dolev-Yao security model. That is, we create a model consisting of • any number of “normal” agents and The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  5. Analysis It would be nice to know that, if two participants use a protocol, the outcome is good. • No one learns the key they agree to use; • Both of them know the key; • Each is aware the other knows the key. For this, we need an appropriate model in which to reason about the protocols. We analyze the protocol using a Dolev-Yao security model. That is, we create a model consisting of • any number of “normal” agents and • one very powerful spy. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  6. Analysis It would be nice to know that, if two participants use a protocol, the outcome is good. • No one learns the key they agree to use; • Both of them know the key; • Each is aware the other knows the key. For this, we need an appropriate model in which to reason about the protocols. We analyze the protocol using a Dolev-Yao security model. That is, we create a model consisting of • any number of “normal” agents and • one very powerful spy. We then prove that the conditions above hold. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  7. Analysis Requirements: needed for: • to model abstract data types messages The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  8. Analysis Requirements: needed for: • to model abstract data types messages • to model dynamic systems users’ knowledge The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  9. Analysis Requirements: needed for: • to model abstract data types messages • to model dynamic systems users’ knowledge • to use temporal reasoning correctness conditions The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  10. Analysis Requirements: needed for: • to model abstract data types messages • to model dynamic systems users’ knowledge • to use temporal reasoning correctness conditions The language CCSL allows all of this. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  11. Analysis Requirements: theory: • to model abstract data types algebra • to model dynamic systems • to use temporal reasoning The language CCSL allows all of this. CCSL is built upon an abstract mathematical foundation. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  12. Analysis Requirements: theory: • to model abstract data types algebra • to model dynamic systems coalgebra • to use temporal reasoning The language CCSL allows all of this. CCSL is built upon an abstract mathematical foundation. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  13. Analysis Requirements: theory: • to model abstract data types algebra • to model dynamic systems coalgebra • to use temporal reasoning Galois algebra The language CCSL allows all of this. CCSL is built upon an abstract mathematical foundation. The Coinductive Approach to Verifying Cryptographic Protocols – p.6/27

  14. Part Two: The Theory The Coinductive Approach to Verifying Cryptographic Protocols – p.7/27

  15. Algebra primer Let Σ be a signature, i.e., Σ = { f ( n i ) | i ∈ I } . i The Coinductive Approach to Verifying Cryptographic Protocols – p.8/27

  16. Algebra primer Let Σ be a signature, i.e., Σ = { f ( n i ) | i ∈ I } . i A Σ -algebra is a set A together with an interpretation for each f i . The Coinductive Approach to Verifying Cryptographic Protocols – p.8/27

  17. � � Algebra primer Example: Σ = { e, − − 1 , ×} . 1 A × A A � � � � � � � − 1 � � e � � � × � � � � A The Coinductive Approach to Verifying Cryptographic Protocols – p.8/27

  18. � Algebra primer Example: Σ = { e, − − 1 , ×} . 1 + A + A × A A The Coinductive Approach to Verifying Cryptographic Protocols – p.8/27

  19. � � � Algebra primer Example: Σ = { e, − − 1 , ×} . 1 + A + A × A FA A A Let F : SET � SET be given. An F -algebra is a set A with a structure FA A The Coinductive Approach to Verifying Cryptographic Protocols – p.8/27

  20. � � Algebra primer Example: Σ = { e, − − 1 , ×} . 1 + A + A × A FA A A For polynomial functors, an F -algebra is a universal algebra. The Coinductive Approach to Verifying Cryptographic Protocols – p.8/27

  21. � � Coalgebra primer Example: 1 + A + A × A FA A A The Coinductive Approach to Verifying Cryptographic Protocols – p.9/27

  22. � � � Coalgebra primer Example: 1 + A + A × A FA A A An F -coalgebra is a set A with a structure FA A The Coinductive Approach to Verifying Cryptographic Protocols – p.9/27

  23. � � � Coalgebra primer Example: 1 + A + A × A FA A A An F -coalgebra is a set A with a structure FA A Think: a coalgebra is a set in which each element can be decomposed as elements of a structured set. The Coinductive Approach to Verifying Cryptographic Protocols – p.9/27

  24. � � Coalgebra primer Example: 1 + A + A × A FA A A Coalgebras model non-well-founded structures, including infinitary trees, streams, etc. The Coinductive Approach to Verifying Cryptographic Protocols – p.9/27

  25. � � Coalgebra primer Example: 1 + A + A × A FA A A Coalgebras can also represent dynamic systems. The Coinductive Approach to Verifying Cryptographic Protocols – p.9/27

  26. � � Coalgebra primer Example: 1 + A + A × A FA A A Coalgebras can also represent dynamic systems. In security protocols, the principals’ knowledge changes over time as messages are sent and received. The Coinductive Approach to Verifying Cryptographic Protocols – p.9/27

  27. � � Coalgebra primer Example: 1 + A + A × A FA A A Coalgebras can also represent dynamic systems. In security protocols, the principals’ knowledge changes over time as messages are sent and received. Hence, we use a coalgebraic model. The Coinductive Approach to Verifying Cryptographic Protocols – p.9/27

  28. Coalgebraic signatures An algebraic signature is given by declarations: f i : X n i � X The Coinductive Approach to Verifying Cryptographic Protocols – p.10/27

  29. Coalgebraic signatures An algebraic signature is given by declarations: f i : F i X � X The Coinductive Approach to Verifying Cryptographic Protocols – p.10/27

  30. Coalgebraic signatures An algebraic signature is given by declarations: f i : F i X � X Equivalently, f : � i F i X � X The Coinductive Approach to Verifying Cryptographic Protocols – p.10/27

  31. Coalgebraic signatures An algebraic signature is given by declarations: f i : F i X � X Equivalently, f : � i F i X � X A coalgebraic signature is given by declarations f i : X � F i X The Coinductive Approach to Verifying Cryptographic Protocols – p.10/27

  32. Coalgebraic signatures An algebraic signature is given by declarations: f i : F i X � X Equivalently, f : � i F i X � X A coalgebraic signature is given by declarations f i : X � F i X Equivalently, f : X � � i F i X The Coinductive Approach to Verifying Cryptographic Protocols – p.10/27

  33. Examples FX Final coalgebra Initial algebra Z × X ∅ infinite streams The Coinductive Approach to Verifying Cryptographic Protocols – p.11/27

  34. Examples FX Final coalgebra Initial algebra Z × X ∅ infinite streams 1 + Z × X finite streams finite and infinite streams The Coinductive Approach to Verifying Cryptographic Protocols – p.11/27

  35. Examples FX Final coalgebra Initial algebra Z × X ∅ infinite streams 1 + Z × X finite streams finite and infinite streams 1 + X × X finite trees finite and infinite trees The Coinductive Approach to Verifying Cryptographic Protocols – p.11/27

  36. Examples FX Final coalgebra Initial algebra Z × X ∅ infinite streams 1 + Z × X finite streams finite and infinite streams 1 + X × X finite trees finite and infinite trees P ω X finite, arb. Kripke frame branching trees The Coinductive Approach to Verifying Cryptographic Protocols – p.11/27

  37. Our coalgebra Spy A B Consider a run with three principals: A , B and the Spy . The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  38. Our coalgebra Spy A B Consider a run with three principals: A , B and the Spy . Suppose that A sends a message to B . The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  39. � Our coalgebra ! Then, in the next instant, the Spy learns the message. The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  40. � Our coalgebra ! Then, in the next instant, the Spy learns the message. Supposing that the message arrives at that time, then... The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  41. � � Our coalgebra ! ! ...the next instant, B learns the message, too. The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  42. � � Our coalgebra ! ! So, to describe this system, we use a coalgebra with • a method giving the next state, The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  43. � � Our coalgebra ! ! So, to describe this system, we use a coalgebra with • a method giving the next state, • attributes describing the action occurring, The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  44. � � Our coalgebra ! ! So, to describe this system, we use a coalgebra with • a method giving the next state, • attributes describing the action occurring, • attributes describing the participants’ knowledge. The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  45. ☎✆ � ☛ � ✡ ✞ � � ✁ ✂ ✄ ✠ � ✄ Our coalgebra ! ! MsgContext : CLASSSPEC METHOD : Self → Self : Self → { idle , sent , received } ✝✟✞ : Self × Princ → [ Message → Bool ] The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  46. � � Our coalgebra ! ! We would like to prove, e.g., that The Spy never learns the session key. The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  47. � � Our coalgebra ! ! We would like to prove, e.g., that The Spy never learns the session key. For this, we need to reason temporally. The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  48. � � Our coalgebra ! ! We would like to prove, e.g., that The Spy never learns the session key. For this, we need to reason temporally. Categories of coalgebras come with temporal operators, which we can understand in terms of Galois algebras. The Coinductive Approach to Verifying Cryptographic Protocols – p.12/27

  49. Galois algebras A Galois algebra is a complete, Boolean algebra P together with an operation [ ]: P � P which preserves meets. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  50. Galois algebras A Galois algebra is a complete, Boolean algebra P together with an operation [ ]: P � P which preserves meets. Think: [ ] P ( x ) means P holds for all successor states of x . The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  51. Galois algebras A Galois algebra is a complete, Boolean algebra P together with an operation [ ]: P � P which preserves meets. Think: [ ] P ( x ) means P holds for all successor states of x . With just these assumptions, we can develop a remarkable amount of temporal logic. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  52. Galois algebras � � ← ⊣ [ ] [ ] is part of a Galois connection, with left adjoint � � ← . The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  53. Galois algebras � � ← ⊣ [ ] [ ] ← � � Each operator has a conjugate, [ ] ← = ¬� � ← ¬ � � = ¬ [ ] ¬ The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  54. Galois algebras � � ← ⊣ [ ] [ ] ← ⊢ � � This yields another Galois connection. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  55. Galois algebras � � ← ⊣ [ ] Next time [ ] ← ⊢ � � In our interpretation, [ ] means “in every next state”. [ ] P = { p | ∀ p → r . P ( r ) } The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  56. Galois algebras � � ← ⊣ [ ] Next time [ ] ← ⊢ � � In our interpretation, [ ] means “in every next state”. [ ] P = { p | ∀ p → r . P ( r ) } A proposition P such that P implies [ ] P is called an invariant . The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  57. Galois algebras � � ← ⊣ [ ] Next time [ ] ← ⊢ � � In our interpretation, [ ] means “in every next state”. [ ] P = { p | ∀ p → r . P ( r ) } A proposition P such that P implies [ ] P is called an invariant . Invariants are the coalgebraic analogues to inductive predicates. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  58. Galois algebras Some time preceding � � ← ⊣ [ ] Next time Always Some next preceding [ ] ← ⊢ � � time This induces the remaining interpretations. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  59. Galois algebras Some time preceding � � ← ⊣ [ ] Next time Always Some next preceding [ ] ← ⊢ � � time This induces the remaining interpretations. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  60. Galois algebras Some time preceding � � ← ⊣ [ ] Next time Always Some next preceding [ ] ← ⊢ � � time This induces the remaining interpretations. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  61. Galois algebras Some time preceding � � ← ⊣ [ ] Next time Always Some next preceding [ ] ← ⊢ � � time This allows us to represent statements like If B receives a message at time t , then B knows the message at t + 1 . The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  62. Galois algebras Some time preceding � � ← ⊣ [ ] Next time Always Some next preceding [ ] ← ⊢ � � time Note: from just a complete partial order with a meet-preserving operator, we get the remaining three operators. The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  63. Galois algebras Some time preceding � � ← ⊣ [ ] Next time Always Some next preceding [ ] ← ⊢ � � time Note: from just a complete partial order with a meet-preserving operator, we get the remaining three operators. But wait! There’s more... The Coinductive Approach to Verifying Cryptographic Protocols – p.13/27

  64. ☞ Fixed point operators Always We can define an “always” operator via a fixed point construction: P = νZ . P ∧ [ ] Z The Coinductive Approach to Verifying Cryptographic Protocols – p.14/27

  65. ☞ ☞ Fixed point operators Always We can define an “always” operator via a fixed point construction: P = νZ . P ∧ [ ] Z P is the greatest invariant contained in P . The Coinductive Approach to Verifying Cryptographic Protocols – p.14/27

  66. ☞ ☞ Fixed point operators Always We can define an “always” operator via a fixed point construction: P = νZ . P ∧ [ ] Z P is the greatest invariant contained in P . This operator preserves meets, so we have another Galois algebra. The Coinductive Approach to Verifying Cryptographic Protocols – p.14/27

  67. Fixed point operators Once ✸ ← ⊣ Always ← ⊢ ✸ Previously Eventually This yields the remaining operators and interpretations. The Coinductive Approach to Verifying Cryptographic Protocols – p.14/27

Recommend

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth M.D.Ryan@cs.bham.ac.uk research@bensmyth.com Cryptoforma 7th April 2010 Cryptographic protocols A cryptographic protocol is a distributed procedure that employs

698 views • 46 slides
The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of

The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of

The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of Software Chinese Academy of Sciences BASICS09, Shanghai, China October 13, 2009 Background Formal verification of security protocols from

312 views • 28 slides
A coinductive approach to -equivalence relations jww Simon Boulier and Nicolas Tabareau

A coinductive approach to -equivalence relations jww Simon Boulier and Nicolas Tabareau

A coinductive approach to -equivalence relations jww Simon Boulier and Nicolas Tabareau (INRIA Nantes) Egbert Rijke Carnegie Mellon University erijke@andrew.cmu.edu September 8th 2017, Oxford Overview & Goals To formulate in

816 views • 24 slides
A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John Matthews Galois Connections August 15, 2006 1 Presently at Microsoft. Thanks Rockwell Collins Advanced Technology Center, especially David

655 views • 27 slides
Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution Mihhail

Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution Mihhail

Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution Mihhail Aizatulin 1 supervised by Andrew Gordon 23 , Jan J urjens 4 , Bashar Nuseibeh 1 1 The Open University 2 Microsoft Research Cambridge 3 University of

543 views • 29 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
Mistakes Are Proof That You Are Trying: On Verifying Software Encoding Schemes Resistance to

Mistakes Are Proof That You Are Trying: On Verifying Software Encoding Schemes Resistance to

Mistakes Are Proof That You Are Trying: On Verifying Software Encoding Schemes Resistance to Fault Injection Attacks Jakub Breier, Dirmanto Jap, and Shivam Bhasin Presenter: Wei He Physical Analysis and Cryptographic Engineering Nanyang

525 views • 26 slides
Simultaneous inductive/coinductive definition of continuous functions Helmut Schwichtenberg

Simultaneous inductive/coinductive definition of continuous functions Helmut Schwichtenberg

Semantics Inductive/coinductive definitions Computational content Simultaneous inductive/coinductive definition of continuous functions Helmut Schwichtenberg (j.w.w. Kenji Miyamoto) Mathematisches Institut, LMU, M unchen Schlo Dagstuhl,

497 views • 27 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
Coinductive Stream Calculus in Haskell Joost Winter Centrum Wiskunde & Informatica June 4,

Coinductive Stream Calculus in Haskell Joost Winter Centrum Wiskunde & Informatica June 4,

Coinductive Stream Calculus in Haskell Joost Winter Centrum Wiskunde & Informatica June 4, 2013 Joost Winter Coinductive Stream Calculus in Haskell A short motivation Haskell has nice built-in support or infinitary, or coinductive

835 views • 17 slides
Verifying Hypermedia Applications by Using a MDE Approach Cristian Koliver - Federal University

Verifying Hypermedia Applications by Using a MDE Approach Cristian Koliver - Federal University

Introduction The Proposed Design Method Formal Verification Toolchain Conclusions Verifying Hypermedia Applications by Using a MDE Approach Cristian Koliver - Federal University of Santa Catarina, Delcino Picinin Jnior - Federal Institute

692 views • 37 slides
Verifying Transformation Rules of the HATS High-Assurance Transformation System: An Approach

Verifying Transformation Rules of the HATS High-Assurance Transformation System: An Approach

Verifying Transformation Rules of the HATS High-Assurance Transformation System: An Approach Steve Roach Fares Fraij Department of Computer Science The University of Texas at El Paso Fifth International Workshop on the ACL2 Theorem

299 views • 17 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Efficient lambda encodings for Mendler-style coinductive types in Cedille Chris Jenkins , Aaron

Efficient lambda encodings for Mendler-style coinductive types in Cedille Chris Jenkins , Aaron

Efficient lambda encodings for Mendler-style coinductive types in Cedille Chris Jenkins , Aaron Stump, Larry Diehl August 30, 2020 University of Iowa, Dept. of Computer Science Introduction Coinductive types and their lambda encodings

1.05k views • 29 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

452 views • 14 slides
stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication

stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication

stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication to be nobody-but-yourselfin a world which is doing its best to make you everybody else - e e cummings authentication: verifying the

490 views • 15 slides
Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Challenges with provable security Building or verifying reductionist proofs is hard Proofs are long and error-prone Rely on unstated and unverified

921 views • 78 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views • 29 slides
Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements Christophe

Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements Christophe

Third International Workshop on Requirements Engineering and Law (RELAW 10) - September 28 th 2010 Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements

429 views • 27 slides
Towards Coinductive Theory Exploration Katya Komendantskaya (joint work with Yue Li, Henning

Towards Coinductive Theory Exploration Katya Komendantskaya (joint work with Yue Li, Henning

Towards Coinductive Theory Exploration Katya Komendantskaya (joint work with Yue Li, Henning Basold, John Power et al.) Workshop WAIT18, 29 June 2018 Outline Problem statement Solution Technical details FOL, Coinductively Any theory

895 views • 48 slides
The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University

The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University

The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University With contributions by Peter Hancock, Andreas Abel, Brigitte Pientka, David Thibodeau Operations, Sets, Types, M unchenwiler near Bern, Switzerland

941 views • 59 slides
The Power of Parameterization in Coinductive Proof Chung-Kil Hur Georg Neis Derek Dreyer

The Power of Parameterization in Coinductive Proof Chung-Kil Hur Georg Neis Derek Dreyer

The Power of Parameterization in Coinductive Proof Chung-Kil Hur Georg Neis Derek Dreyer Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Kaiserslautern and Saarbr ucken, Germany Contributions Parameterized

395 views • 14 slides

More recommend